hadoop-hdfs-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Todd Lipcon <t...@cloudera.com>
Subject Re: HDFS Ports
Date Fri, 03 Sep 2010 16:02:01 GMT
Hi Stephan,

Rather than specifically blocking these ports, why not use a default DENY
policy and explicitly allow the ones you'd like to the outside world (eg
ssh?) This seems a lot easier than tracking down the specific ports to deny.

Regarding the specific question, my guess is that it's the JMX remoting
port. Do you set -Dcom.sun.management.jmxremote as a java option in
hadoop-env.sh?

-Todd

On Fri, Sep 3, 2010 at 12:53 AM, Stephan Gammeter <
gammeter@vision.ee.ethz.ch> wrote:

> We are trying to secure our HDFS installation by blocking all the ports
> that HDFS requires to the outside world. Unfortunately it's not possible to
> give our machines private IPs (... dont ask me why... ). So we were starting
> to compile a list of ports that HDFS uses, so we can specifically block
> traffic to these ports. So far we found that we can configure the following
> ports:
>
> dfs.datanode.http.address – 50075
> dfs.datanode.address – 50010
> dfs.datanode.ipc.address – 50020
>
> however we found via netstat -ltp that the HDFS datanode also listens on
> another random port and so far we've been unable to determine what that port
> is used for and how to configure it to be on a fixed port. Can anyone help
> with this?
>



-- 
Todd Lipcon
Software Engineer, Cloudera

Mime
View raw message